Connect an external PostgreSQL database to Lovable by creating a Supabase Edge Function that proxies queries through the pg driver. Store your connection string in Cloud Secrets, never in frontend code. This approach works for any hosted Postgres — Neon, Railway, Render, RDS, or on-prem. Use this when you have an existing database you cannot migrate to Supabase's built-in PostgreSQL.
Connect Any External PostgreSQL Database to Your Lovable App
Lovable's built-in database is Supabase PostgreSQL — a fully managed Postgres instance that gets you schemas, RLS policies, and real-time subscriptions with zero configuration. For most new projects, that is the right choice. But if your team has an existing PostgreSQL database on Neon, Railway, Render, Amazon RDS, Google Cloud SQL, or a self-hosted server, you can connect it to Lovable without migrating your data.
The integration pattern is straightforward: an Edge Function running on Deno acts as a secure query proxy. Your frontend calls the Edge Function with a query description, the Edge Function connects to your Postgres instance using the pg driver and your connection string from Cloud Secrets, executes the query, and returns the results. Because the connection string never leaves the server-side function, your database credentials remain protected even though the Lovable frontend is a public React app.
This approach does mean you give up some of Lovable's AI-assisted database features — automatic schema generation from natural language, auto-created RLS policies, and real-time subscriptions won't apply to your external database. You will need to describe your existing schema to Lovable's AI so it can generate correct query logic. For read-heavy use cases like dashboards and reporting tools, this trade-off is entirely reasonable.
Integration method
External PostgreSQL connects to Lovable through a Supabase Edge Function that uses the pg driver to execute queries server-side. Your database connection string lives in Cloud Secrets, and all queries route through the Edge Function proxy so credentials never reach the browser.
Prerequisites
- A Lovable account with a project open and Lovable Cloud enabled
- An external PostgreSQL database (Neon, Railway, Render, RDS, or self-hosted) with a valid connection string
- Your PostgreSQL connection string in the format: postgresql://user:password@host:5432/dbname
- Knowledge of your database schema — table names, column names, and relationships
- SSL enabled on your PostgreSQL server (required for most hosted providers; Deno enforces SSL by default)
Step-by-step guide
Add Your PostgreSQL Connection String to Cloud Secrets
Add Your PostgreSQL Connection String to Cloud Secrets
Before writing any code, store your database connection string securely. In Lovable, click the '+' button next to the Preview panel to open the Cloud tab. Navigate to the Secrets section. Click 'Add Secret' and create a new secret named POSTGRES_URL. Paste your full connection string as the value — it should look like: postgresql://myuser:mypassword@myhost.example.com:5432/mydatabase?sslmode=require The ?sslmode=require parameter at the end is important. Most hosted PostgreSQL providers (Neon, Railway, RDS) require SSL connections, and omitting this flag can cause connection failures. If your provider gives you a connection string with ?sslmode=verify-full, keep that instead — it's more secure. Do not paste this connection string anywhere in the chat, in component code, or in any client-side file. Lovable's security scanner blocks approximately 1,200 hardcoded credentials per day, but it's still your responsibility to use the Secrets panel. Lovable's AI will reference this secret by name in the Edge Function code using Deno.env.get('POSTGRES_URL').
Pro tip: If you're using Neon, find your connection string in the Neon dashboard under your project → Connection Details. Select 'Pooled connection' for better performance under concurrent load.
Expected result: POSTGRES_URL appears in your Cloud Secrets list with a masked value. The secret is now available to all Edge Functions in this project.
Create the PostgreSQL Query Edge Function
Create the PostgreSQL Query Edge Function
Open the Lovable chat panel and describe the Edge Function you need. Lovable will generate the TypeScript code, but for complex external database integrations, providing an explicit prompt helps ensure the generated code is correct. Ask Lovable to create a new Edge Function at supabase/functions/query-postgres/index.ts. The function needs to: import the pg client from npm:pg, read the connection string from Deno.env.get('POSTGRES_URL'), accept a POST request with a JSON body specifying the operation type and parameters, execute a parameterized query (never string interpolation), handle errors gracefully and return them as JSON, and close the database connection after each request. Parameterized queries are critical for security. Using string interpolation like `SELECT * FROM users WHERE id = ${userId}` creates SQL injection vulnerabilities. The correct pattern is `client.query('SELECT * FROM users WHERE id = $1', [userId])` — the pg driver handles escaping automatically. The Edge Function also needs CORS headers so your Lovable frontend can call it. Lovable adds these automatically when you ask for an Edge Function that the frontend will call.
Create an Edge Function called query-postgres at supabase/functions/query-postgres/index.ts. It should import the pg Client from npm:pg and connect using Deno.env.get('POSTGRES_URL'). The function should accept POST requests with a JSON body containing: operation (string, one of 'select', 'insert', 'update', 'delete'), table (string), filters (optional object of column:value pairs), data (optional object for insert/update), and limit (optional number, default 100). Execute parameterized queries based on the operation type. Return results as JSON with a data array and a count field. Include proper CORS headers and error handling that returns a 400 status with an error message for invalid operations.
Paste this in Lovable chat
Expected result: Lovable creates the file supabase/functions/query-postgres/index.ts and deploys it to your Cloud. You can see the new function listed in Cloud → Edge Functions.
Review and Test the Generated Edge Function Code
Review and Test the Generated Edge Function Code
After Lovable generates the Edge Function, open the Code panel and navigate to supabase/functions/query-postgres/index.ts. Read through the code to verify a few critical points: the connection string is read with Deno.env.get('POSTGRES_URL') and not hardcoded anywhere, queries use parameterized placeholders ($1, $2, etc.) rather than string concatenation, the pg client is created per request or a connection pool is used rather than a global singleton (global singletons can cause issues in Deno's serverless environment), and CORS headers include Access-Control-Allow-Origin, Access-Control-Allow-Headers, and Access-Control-Allow-Methods. If you need to test the function directly before wiring it to the frontend, you can use Lovable's built-in log viewer. Open Cloud → Logs, then trigger the function from your frontend or via the chat prompt. Any console.log output and errors from the Edge Function appear in real time. Common issues at this stage include SSL handshake failures (add ?sslmode=require to the connection string), timeouts on first cold start (Deno functions have a brief warm-up), and pg driver import errors (ensure you're using npm:pg syntax, not a bare pg import).
Show me the complete code for the query-postgres Edge Function. I want to verify that the connection string is only accessed via Deno.env.get and that all queries use parameterized placeholders. If any security issues exist, fix them now.
Paste this in Lovable chat
1// supabase/functions/query-postgres/index.ts2import { serve } from "https://deno.land/std@0.168.0/http/server.ts";3import { Client } from "npm:pg";45const corsHeaders = {6 "Access-Control-Allow-Origin": "*",7 "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",8 "Access-Control-Allow-Methods": "POST, OPTIONS",9};1011serve(async (req: Request) => {12 if (req.method === "OPTIONS") {13 return new Response("ok", { headers: corsHeaders });14 }1516 try {17 const { operation, table, filters, data, limit = 100 } = await req.json();1819 if (!operation || !table) {20 return new Response(21 JSON.stringify({ error: "operation and table are required" }),22 { status: 400, headers: { ...corsHeaders, "Content-Type": "application/json" } }23 );24 }2526 const client = new Client({ connectionString: Deno.env.get("POSTGRES_URL") });27 await client.connect();2829 let result;30 try {31 if (operation === "select") {32 const conditions = filters33 ? Object.entries(filters).map(([k, _], i) => `${k} = $${i + 1}`).join(" AND ")34 : null;35 const values = filters ? Object.values(filters) : [];36 const sql = conditions37 ? `SELECT * FROM ${table} WHERE ${conditions} LIMIT $${values.length + 1}`38 : `SELECT * FROM ${table} LIMIT $1`;39 result = await client.query(sql, [...values, limit]);40 } else if (operation === "insert") {41 const cols = Object.keys(data).join(", ");42 const placeholders = Object.keys(data).map((_, i) => `$${i + 1}`).join(", ");43 result = await client.query(44 `INSERT INTO ${table} (${cols}) VALUES (${placeholders}) RETURNING *`,45 Object.values(data)46 );47 } else {48 return new Response(49 JSON.stringify({ error: `Unsupported operation: ${operation}` }),50 { status: 400, headers: { ...corsHeaders, "Content-Type": "application/json" } }51 );52 }53 } finally {54 await client.end();55 }5657 return new Response(58 JSON.stringify({ data: result.rows, count: result.rowCount }),59 { status: 200, headers: { ...corsHeaders, "Content-Type": "application/json" } }60 );61 } catch (error) {62 return new Response(63 JSON.stringify({ error: error.message }),64 { status: 500, headers: { ...corsHeaders, "Content-Type": "application/json" } }65 );66 }67});Pro tip: Avoid storing a global pg Client outside the request handler in Deno Edge Functions. Deno's serverless environment may reuse function instances unpredictably, and a stale global connection can cause errors. Create and close the client per request, or use a connection pool library like pg-pool.
Expected result: The Edge Function code is visible in the Code panel and shows Deno.env.get('POSTGRES_URL') for the connection string. No raw credentials appear anywhere in the code.
Build Frontend Components That Query Your PostgreSQL Database
Build Frontend Components That Query Your PostgreSQL Database
With the Edge Function deployed, you can now ask Lovable to build frontend components that call it. Open the chat and describe the UI you want — Lovable will generate React components that call the query-postgres Edge Function via fetch and display the results. For Lovable's AI to generate accurate query logic, tell it your schema explicitly: table names, column names, data types, and any foreign key relationships. Without this context, Lovable may guess column names incorrectly. A useful approach is to paste a simplified schema description into the chat: 'My PostgreSQL database has these tables: users (id uuid, name text, email text, created_at timestamptz), orders (id uuid, user_id uuid, total numeric, status text, created_at timestamptz).' The generated React code will use a pattern like: calling the Edge Function URL (which Lovable constructs automatically from your project's Supabase URL), passing the operation type and parameters as a JSON body, handling loading and error states in the component, and displaying results in a table, list, or chart. You will see the fetch call reference your Supabase project URL plus /functions/v1/query-postgres — this is the correct endpoint format for Lovable Cloud Edge Functions.
I have a PostgreSQL database with these tables: customers (id serial PRIMARY KEY, name text, email text, tier text, created_at timestamptz) and orders (id serial PRIMARY KEY, customer_id integer REFERENCES customers(id), amount numeric(10,2), status text, created_at timestamptz). Using the query-postgres Edge Function, build a dashboard page showing: a table of all customers with their order count and total spend, a filter to show customers by tier, and a chart of orders by status. Use the shadcn/ui Table and Card components.
Paste this in Lovable chat
Expected result: Lovable generates a dashboard page with working data fetching from your external PostgreSQL database. The browser network tab shows calls to your Edge Function returning real data from your Postgres tables.
Add Error Handling and Secure the Edge Function Endpoint
Add Error Handling and Secure the Edge Function Endpoint
By default, Edge Functions in Lovable are publicly accessible — any caller with the function URL can invoke them. For a database proxy, you should add authentication to prevent unauthorized database access. The simplest method is to require the Supabase anon key in the Authorization header, which Lovable's frontend sends automatically when using the Supabase client. Ask Lovable to add authentication to your Edge Function by verifying the JWT from the Authorization header. This ensures only authenticated users from your Lovable app can trigger database queries. For read-only public data, you may choose to leave the function open, but for any write operations or user-specific data, authentication is essential. Also review your Edge Function's error handling: does it return user-friendly messages for expected errors (record not found, validation failure) versus generic 500 responses for unexpected errors? Detailed database error messages should not be returned to the frontend in production — they can leak schema information. Ask Lovable to filter error messages so only safe, generic descriptions reach the client. For production deployments with strict security requirements or complex multi-table schemas, RapidDev's team can help audit your Edge Function code and database access patterns.
Update the query-postgres Edge Function to require authentication. Verify the JWT from the Authorization header using the Supabase JWT secret before executing any database queries. Return a 401 Unauthorized response if the token is missing or invalid. Also improve error handling so database errors return a generic 'Database query failed' message to the client without exposing table names or query details.
Paste this in Lovable chat
Pro tip: Test authentication by opening your browser's developer tools → Network tab, finding a request to query-postgres, and checking that the Authorization header is present. If it's missing, Lovable may not be sending the Supabase session token — ask Lovable to ensure the Supabase client is initialized and the user is logged in before calling the function.
Expected result: Unauthorized requests to the Edge Function return 401. Your app's authenticated users can still query the database normally. Cloud → Logs shows successful authenticated requests.
Common use cases
Build a dashboard over an existing production database
Your company already runs a PostgreSQL database on RDS or Railway with years of production data. You want a Lovable-built dashboard to visualize that data without moving it. The Edge Function proxy lets Lovable's frontend read from your existing tables while keeping your database credentials secure.
I have an existing PostgreSQL database on Railway with tables for orders, customers, and products. I've added the connection string to Cloud Secrets as POSTGRES_URL. Create an Edge Function called query-postgres that accepts a query type parameter and returns the appropriate data. Then build a dashboard page showing total orders this month, top 5 customers by revenue, and low-stock products.
Copy this prompt to try it in Lovable
Migrate a legacy app's database to a modern UI
An older internal tool uses PostgreSQL but has an outdated interface. You want to rebuild the UI in Lovable while keeping the original database intact. The Edge Function handles all CRUD operations against the existing schema, and Lovable generates the new React frontend.
I'm rebuilding the UI for our internal CRM. The existing PostgreSQL database has tables: contacts (id, name, email, company, created_at), notes (id, contact_id, body, created_at), and deals (id, contact_id, value, stage, closed_at). Create Edge Functions for listing contacts with search, viewing a contact with their notes and deals, creating a new contact, and adding a note. Then build the UI using these functions.
Copy this prompt to try it in Lovable
Connect a Neon serverless database to a new Lovable project
Neon's serverless PostgreSQL offers a generous free tier and branch-based development workflows. By connecting it through a Lovable Edge Function, you get Neon's serverless scaling and branching with Lovable's AI-assisted frontend generation.
I'm using Neon as my PostgreSQL provider. I've stored the Neon connection string in Cloud Secrets as NEON_DATABASE_URL. Create a generic Edge Function called db-query that accepts a table name and optional filter parameters, then returns paginated results. I need this for a product catalog app with tables for products, categories, and reviews.
Copy this prompt to try it in Lovable
Troubleshooting
Edge Function returns 'connection refused' or 'ECONNREFUSED' when querying PostgreSQL
Cause: The database server is not reachable from Deno's edge infrastructure. This can happen if the PostgreSQL server blocks external connections, the host is wrong in the connection string, or a firewall rule restricts access to the database port.
Solution: Check that your PostgreSQL provider allows connections from external IPs. In most hosted services (Railway, Neon, Render), ensure 'Public network access' is enabled in the database settings. For RDS, check the security group inbound rules to allow port 5432 from 0.0.0.0/0 (or the specific IP ranges used by Supabase edge infrastructure). Verify the hostname, port, and database name in your POSTGRES_URL secret are exactly correct by logging them temporarily with console.log (then remove the log after testing).
SSL connection error: 'self signed certificate' or 'certificate verify failed'
Cause: The PostgreSQL server is using a self-signed certificate that Deno's default SSL verification rejects. Deno enforces strict SSL validation, unlike some Node.js drivers that silently accept invalid certificates.
Solution: Add ?sslmode=require to your connection string if not already present. For development environments with self-signed certificates, you can add ?sslmode=no-verify — but never use this in production. For production, configure your PostgreSQL provider to use a certificate from a trusted CA, or use the hosted services that provide managed TLS (Neon, Railway, Render all do this by default).
1// In Cloud Secrets, update POSTGRES_URL to:2// postgresql://user:pass@host:5432/db?sslmode=require34// In your Edge Function, verify it reads correctly:5const connectionString = Deno.env.get("POSTGRES_URL");6console.log("Has SSL param:", connectionString?.includes("sslmode"));Query returns 'P0001: Secret POSTGRES_URL not found' error
Cause: The Edge Function cannot find the secret because the name in the code does not exactly match the name stored in Cloud Secrets. Secret names are case-sensitive.
Solution: Open Cloud tab → Secrets and confirm the exact secret name — character by character. Then check your Edge Function code for the Deno.env.get() call. The string passed to Deno.env.get() must match the secret name exactly, including capitalization and underscores. Also verify the secret was saved — click the secret entry to see its masked value; if the row shows 'No value', the save may have failed.
Frontend receives CORS errors when calling the query-postgres Edge Function
Cause: The Edge Function is missing CORS headers, or is not handling the OPTIONS preflight request that browsers send before cross-origin POST requests.
Solution: Ensure your Edge Function handles OPTIONS requests by returning a 200 response with the required CORS headers before any other logic. Check that the Access-Control-Allow-Origin header is present in all responses, including error responses. In Lovable, you can ask the AI to 'add proper CORS handling to the query-postgres Edge Function including OPTIONS preflight support'.
1const corsHeaders = {2 "Access-Control-Allow-Origin": "*",3 "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",4 "Access-Control-Allow-Methods": "POST, OPTIONS",5};67// At the top of your serve() handler:8if (req.method === "OPTIONS") {9 return new Response("ok", { headers: corsHeaders });10}Best practices
- Always store your PostgreSQL connection string in Cloud Secrets (POSTGRES_URL) — never paste it in chat, code comments, or component files
- Use parameterized queries with $1, $2 placeholders in every SQL statement to prevent SQL injection attacks
- Create and close the pg Client within each request handler rather than using a global singleton, since Deno Edge Functions are stateless
- Add authentication to your Edge Function by verifying the Supabase JWT before executing queries, especially for write operations
- Return generic error messages to the frontend in production — never expose raw PostgreSQL error details that could reveal schema information
- Use connection strings with ?sslmode=require for all production databases to ensure encrypted connections
- Tell Lovable your exact schema (table names, column names, types) when building frontend components so the AI generates correct query logic without guessing
- Monitor your Edge Function in Cloud → Logs after deployment to catch connection failures, slow queries, or authentication errors before users encounter them
Alternatives
Supabase is Lovable's native database layer — choose it for new projects to get AI-assisted schema generation, automatic RLS policies, and real-time subscriptions without any proxy setup.
MySQL uses the same Edge Function proxy pattern but with the mysql2 npm driver — choose MySQL if your existing database is MySQL rather than PostgreSQL.
Microsoft SQL Server requires the mssql npm driver and uses T-SQL syntax — choose it if your organization runs on the Microsoft data stack.
Frequently asked questions
Can I use Lovable's AI to automatically generate my PostgreSQL schema?
Lovable's AI-assisted schema generation works only with the built-in Supabase database, not external PostgreSQL connections. For external databases, you need to describe your existing schema explicitly in the chat so Lovable generates correct query logic. You can paste CREATE TABLE statements or a column list directly into the chat to give the AI the schema context it needs.
Does this integration work with serverless PostgreSQL providers like Neon?
Yes, Neon and other serverless PostgreSQL providers work well with this pattern. Use Neon's pooled connection string (found under Connection Details → Pooled connection) for better performance, since Deno Edge Functions make frequent short-lived connections. Neon's serverless driver (neon-serverless) is also compatible with Deno if you prefer it over the standard pg driver.
Will my existing PostgreSQL data be visible to Lovable's AI?
No. Lovable's AI agent only accesses data you explicitly pass to it in the chat. Your PostgreSQL database credentials are stored as encrypted secrets, and your data only flows through the Edge Function at runtime when your app's users trigger queries. The AI has no background access to your database contents.
What is the difference between this integration and using Lovable's built-in Supabase database?
Lovable's built-in Supabase database gives you AI-assisted schema creation from natural language, automatically generated Row Level Security policies, real-time subscriptions, and a visual table editor — all without writing any SQL. This external PostgreSQL integration sacrifices those conveniences in exchange for using your existing database. Choose built-in Supabase for new projects and external PostgreSQL only when you cannot or should not move your existing data.
Can I run migrations or schema changes on my external PostgreSQL through Lovable?
Lovable does not manage migrations for external PostgreSQL databases. Schema changes must be made directly in your PostgreSQL provider's interface or using a migration tool like Flyway or Liquibase. After making schema changes, update the schema description you gave Lovable in the chat so the AI generates correct queries for the new structure.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation